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1 PROCEEDINGS 

2 JUDGE SAADAT: And begin whenever you're ready. Thank you. 

3 MR. FARRES: Thank you, Your Honor. 

4 First, let me just begin by thanking you for your time today and 

5 allowing us to present our ~ what we hope are brief arguments to help 

6 clarify our position as it relates to the pending rejections. 

7 Very briefly, the system that we are claiming relates generally to what 



8 we call data mining systems or OLAP, or Online Analytical Processing, 

9 engines. And, in short, what they seek to accomplish is to provide a system 

10 that allows a user to access data, and slice and dice that data, to achieve, you 

1 1 know, results that are of value and provide insight and information into how, 

12 you know, data is being generated or obtained in many different, you know, 

13 applications. 

14 Just a brief example is if you're the owner of a store and you have 

15 sales figures at that store, at regional levels, at a national level, these types of 

16 online analytical processing systems allow users to identify how sales are 

17 proceeding at any of those levels. But it could be applied in many different 

18 contexts and applications. 

19 What these claims, in particular, focus on, is the security aspects 

20 related to accessing or utilizing theses data mining systems. And what the 

21 Inventors in this case have done, is they've implemented a system where the 

22 security and access features of the data mining systems are separated from 

23 the data mining system itself, and are implemented in what we refer to 

24 generally in this claims as a remote repository. 
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1 So the claims as they currently read, and I'm going to focus on Claim 

2 1, but the arguments that I make in connection with Claim 1 apply to all the 

3 independent claims. I'm just going to very briefly go through the claim 

4 language. It's a method for integrating security and user account data in a 

5 reporting system with at least one remote repository, comprising the steps of 

6 enabling a user to submit user credential input to into a reporting system, 

7 identifying an authentication process, forwarding the user credential input to 

8 a first server. 

9 And then, this last section is where the heart of our argument really 

10 lies, and that's the step of enabling the first server to apply the authentication 

1 1 process to authenticate the user against a remote repository, for verifying the 

12 user credential input, and to determine user access control data for 

13 identifying at least one user privilege for performing one or more actions 

14 and at least one user permission associated with one or more objects, 

15 wherein the remote repository is located within a second server, the second 

16 server being different from the first server. 

17 Now I'd like to take that last element there and really parcel it to two 

1 8 main points that we want to bring to the Court's attention, or rather, 

19 reinforce. In think the briefing that we've submitted clarifies what our 

20 position is, but I would just like to further elaborate on two of those 

21 arguments. 

22 The first one is the notion that, you know, we have two servers: one 

23 that actually interfaces or interacts with the user in connection with the data 

24 mining functionality, and then a second server, which is separate from that 
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1 first server, which engages and performs functionality relating to the security 

2 and the access control features of the invented system. 

3 Now, one of the things that we did in the claims during prosecution is, 

4 as the claims were originally read, it wasn't very clear what this remote 

5 repository was, or where it was located, more importantly. We amended the 

6 claims to clarify that that remote repository is in a second server, which is 

7 different from the first server. And one of the important clarifications we 

8 made is that that remote repository is within that second server. 

9 The Examiner to date has presented only a 102 rejection based on this 

10 Win reference, and one of the distinctions that we noted was that in Win 

1 1 what he refers to as the second server is this registry server 108, which is 

12 depicted in Figure 1 of Win. The remote ~ or, excuse me, the registry 

13 repository 110, which is what the Examiner asserts is our remote repository, 

14 in Win, it's coupled to that registry server. We are, on the other hand, 

15 requiring expressly in the claims that the remote repository be located within 

16 that second server. Now -- 



17 JUDGE SAADAT: Mr. Farres, I have a question. 

18 MR. FARRES: Sure. 

19 JUDGE SAADAT: And I think the Examiner also pointed to that 

20 issue in the Answer, and it seems like we can't find the exact description, or 

21 at least a quite precise description, of what this ~ a server means, from your 

22 disclosure. Could you help us define it? 

23 MR. FARRES: Sure. I think if we turn to -- it's on page 22, 1 believe, 

24 of our specification. Actually, I apologize, it's on page 7 of the 

25 specification. We talk about -- and this is the last sentence of the first full 
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1 paragraph on page 7. It states, "It should be understood that while data 

2 storage devices 108, 108A, 108B, et cetera, are illustrated as a plurality of 

3 data storage devices, in some embodiments, the data storage devices may be 

4 contained within the single database or another single resource." 

5 And it's that last section of that sentence, where we talk about a single 

6 resource, that we rely on for purposes of what we mean by within. So we 

7 don't have, as Win does, two distinct components, the registry server and 

8 then the coupled-to repository. We have it all within one component, i.e., 

9 the server. And so -- and the reasoning for that and the value behind that is 

10 from an efficiency standpoint we don't have to have additional interactive 

1 1 functionality between the second server and our remote repository in order 

12 to enable communication. It's all part in the -- it's all one system. 

13 And we did ~ from a disclosure standpoint, however, and I think this 

14 is what the Examiner was getting to, we did disclose both, you know, 

15 concepts. We did have a separate server that's connected to the remote 

16 repository. But as we see in page 7, we do have support for the notion of 

17 combining them as a single resource. 

18 JUDGE SAADAT: But aren't they referring to databases, rather than 

19 servers? 

20 MR.FARRES: Right. 

21 JUDGE SAADAT: And we -- 1 believe we also understood the 

22 Examiner's position, that the Examiner was maybe suggesting a distributed 

23 system. Every component could be anywhere, but they are -- as they're 

24 coupled, even though they're in a totally different physical location, but they 

25 are considered to be within a server because that's how they're accessed. 



5 



Appeal 2009-006094 
Application 09/883,300 

1 MR. FARRES: I think that's a possible interpretation, but what the 

2 reference teaches is it's coupled to. So there are two distinct components 

3 that are connected to each other. 

4 JUDGE SAADAT: But there's no other way to reach that repository 

5 but that server, so that server is the only way to get to that database, if you 

6 will. 

7 MR. FARRES: In Win, that's possible. I mean, that's certainly the 

8 way we understand Win, is that you have to go through the server, and then 

9 the server needs to go to the coupled -- 

10 JUDGE SAADAT: When you say possible, is there any other option? 

1 1 MR. FARRES: Sure. I mean, you can have it all part of one system. 

12 They're not coupled together. They're not two separate components that 

13 interact. 

14 The way we have it is we have, within the server, we have the 



15 functionality of the remote repository, so there's no need for the server to go 

16 outside of itself, if you will, to a coupled external component, as Win needs 

17 to do. We do it all internally within the server. It's all there. And that's the 

18 distinction that we ~ by amending the claims, we were trying to emphasize, 

19 is that Win has the added inefficiency of having to have a separate 

20 communication protocol between that second ~ what they call the registry 

21 server 108 and the registry repository 1 10, so ~ 

22 JUDGE SAADAT: We understand that, but in page 7 of the 

23 disclosure, it refers to another single resource. It seems like it's mostly 

24 limited to databases, rather than within a server. 
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1 MR. FARRES: Well, what we say in the last part of that sentence is, 

2 it says that, "The storage devices may be contained within a single database 

3 or another single resource." A single resource is generally the server. So 

4 you don't have to have ~ and we draw the distinction between a single 

5 database and another single ~ or another single resource. So from ~ 

6 JUDGE SAADAT: Is this referring to one of the figures of the 

7 application? 

8 MR. FARRES: I believe so. I think this is Figure 1, Your Honor. 

9 And, in fact, in Figure 1, you see that the databases are connected within the 

10 functionality of the intelligence server 103. 

1 1 JUDGE SAADAT: Did you point out to this particular part of the 

12 disclosure in your Brief or Reply Brief? 

13 MR. FARRES: Yes, Your Honor. We have, in the Reply Brief, 

14 which is the more ~ we do it in both the Appeal and the Reply Brief, but we 

15 certainly make reference to it in pages 2 and 3 of the Reply Brief. We make, 

16 you know, the argument that within is not the same as coupled to, and -- 

17 JUDGE SAADAT: But no reference was made to page 7 of the 

18 disclosure. 

19 MR. FARRES: Not expressed reference. But I mean this is an 

20 elaboration of the argument, so I mean it's the same ~ it's the argument, and 

21 we're just further substantiating it, based on expressed reference to the 

22 disclosure. 

23 JUDGE SAADAT: Okay. Thank you. 
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1 MR. FARRES: Okay. And moving on to the next point, Your 

2 Honors, that we would like to make is another critical distinction between 

3 our claims and the Win reference. 

4 Again, focusing on that last enabling step, the second part that I want 

5 to focus your attention on, is this notion of determining user access control 

6 data. It's important to understand what we mean by that. There 're two 

7 subcomponents to that determination step. We have to determine user 

8 access control data for one, okay, identifying at least one user privilege for 

9 performing one or more actions, and then the second subcomponent is, we 

10 also need to determine at least one user permission associated with one or 

11 more objects. 

12 Now, what's important to understand here is what this user access 

13 control data is getting to. It's once we go to this remote repository, we're 

14 doing it for two things. We're doing it to identify what the user is able to 

15 do, and also, simultaneously, what the particular objects that the user may or 

16 may not initiate, what limitations are imposed on those objects. And that's 

17 why we have at least one user privilege and at least one user permission. 

18 Privileges are associated with the user and permissions are associated with 

19 the objects. 

20 In short, what we're saying is, we are looking at two different layers to 

21 determine what a user, once authenticated, can or cannot do. The Win 

22 reference doesn't slice it down to such a granular nuance level. All they do 

23 in Win is give the user a set of icons or a list, a menu, if you will, of 

24 applications that they can access. It doesn't further ~ it doesn't do so. 
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1 number one, by looking at permissions associated with the object itself, and 

2 it doesn't do so by looking at privileges associated with the user. 

3 We will concede, however, that it would do one of those two things 

4 because, clearly, if you're going to be able to give a user a personalized 

5 menu of options that they can initiate, we do concede that there's some layer 

6 of personalization or some level of personalization involved. Where it falls, 

7 however, is they don't do it at two different levels, at the user level, through 

8 privileges or at the permission level through objects. And if I can just very 

9 briefly explain and shine some light on what that distinction is, I think it can 

10 help the Board come into agreement with our position. 

11 A user privilege is essentially, as disclosed in the specification, a list 

12 of privileges that are associated with the user. So an individual user may be 

13 permitted, for example, to execute or to utilize these different types of 

14 applications. They might even be limited to certain functionalities within 

1 5 distinct applications . 

16 What the permission is, and we have expressly in the claims, 

17 "permission associated with one or more objects," permissions are 

18 associated with the objections, and an object would be an application, 

19 anything that could be manipulated by this database. 

20 So, back to our original example of a store owner. The store owner 

21 owns a store in D.C. He might be, as an individual, limited, through 

22 privileges, to only use the data mining system to access information on his 

23 own store, okay. So, if he goes onto the system, he's only going to be 

24 allowed to see what the sales data, the customer data for his own store. So 

25 that's a user privilege. 
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1 A permission associated with one or more objects might be a 

2 limitation imposed on any request for sales data. So the object would be: I 

3 want sales data. Sales data might be limited to certain types of users. So, 

4 for example, if we could say the object of sales data, we're going to limit that 

5 only to store owners, okay. So what you have in our system is this more 

6 nuanced and more flexible approach to determine who can access what. So, 

7 on one level, the D.C. store owner is privileged to access the store data 

8 because of who he is, and on a second level, that D.C. store owner can 

9 access the sales data because as a store owner he's permitted to access sales 

10 data. 

1 1 And that nuanced distinction is not captured in Win. Again, just to 

12 reiterate. Win merely teaches a personalized menu that sets forth a list of 

13 applications that user can or cannot use. We don't know -- and this is the 

14 ultimate, I guess, drawback of Win ~ we don't know how it achieves that. 

15 And without there being a particularized disclosure on how it gets achieved, 

16 we believe our more specific and more nuanced claim language is 

17 distinguishable from the disclosure of Win. 

18 JUDGE SAADAT: We understand that, but, again, the Examiner 

19 pointed to a portion in column 1 1 of Win that seems to have the two layers 

20 you just described. Maybe you can help us to better understand that. 

21 Starting from line 46, access menu is taught, that's probably what you were 

22 just describing, but it seems like, first, the user is authenticated. 

23 MR.FARRES: That's right. 

24 JUDGE SAADAT: And then, the user selects from the access menu, 

25 the applications or objects that a user is authorized to access according to a 
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1 user's rules and privileges. So, the Examiner took these to read on the two 

2 layers you just described. One is user-related authentication and the other is 

3 ~ even though the user makes a personalized menu, but still from the items 

4 that the user is authorized to use, and that seems to be the permission. 

5 MR. FARRES: The one thing I didn't ~ and I appreciate your 

6 perspective on this part of Win ~ the one thing I don't believe is disclosed in 

7 Win is the permission side of things, which are associated with what Win 

8 refers to as the resources or applications. There's no mention in Win of any 

9 kind of permissions that are associated with the individual applications. It's 

10 all driven by who the user is, in which case, it's distinguishable because, 

1 1 even conceding the point that Win would presumably therefore teach our 

12 claimed privilege, it doesn't teach the permission that's associated with the 

13 one or more objects. 

14 And just to further expand on my argument, I'm assuming that our 

15 object would be the resource of the application in Win. But we don't have 

16 any permissions in Win that are associated with the applications or 

17 resources. And, as a result of that, they fail to meet the permission 

1 8 limitation. 

19 And to go back to my fundamental point, we just don't know from 

20 Win, beyond the fact that it's based on who the user is, what else, if 

21 anything, is analyzed in determining or assessing whether the user has 

22 ultimate access to particular data. 

23 JUDGE SAAD AT: Thank you. 

24 MR. FARRES: That's it. Your Honor. Thank you very much for your 

25 time. 
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1 JUDGE SAADAT: Do you have any questions? 

2 JUDGE KRIVAK: No questions. 

3 JUDGE SAADAT: No? Thank you so much. 

4 MR. FARRES: Thank you very much, Your Honors, thank you. 

5 JUDGE SAADAT: Have a great day. 

6 MR. FARRES: You too. 

7 (Whereupon, the proceedings, at 10:06 a.m., were concluded.) 
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